tpu-perf-model

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/compute_step.py calls eval() in its eval_flops method to evaluate mathematical formulas taken from the flops_formula field of a user-provided JSON file. The call restricts globals and sets __builtins__ to an empty dictionary, but that does not restrict attribute access: an expression can walk from any literal's __class__ to object.__subclasses__() and from there to arbitrary loaded classes, so a maliciously crafted formula can still lead to arbitrary Python code execution.
  • [COMMAND_EXECUTION]: Integration tests in scripts/test_integration.py invoke the skill's CLI tool through subprocess.run(), so the test suite executes external commands within the environment.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md instructions recommend using npx @mermaid-js/mermaid-cli to render Mermaid diagrams. npx fetches the package from the NPM registry and executes its mmdc utility, so the documented workflow downloads and runs third-party code at use time. The registry is a standard, widely used source of dependencies; pinning an explicit package version limits exposure to a changed or compromised release.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external data files whose contents are not separated from instructions:
      • Ingestion points: data enters the agent's context through user-supplied JSON files (e.g., steps.json), which are parsed in scripts/compute_step.py.
      • Boundary markers: no explicit boundary markers or instructions separate the data from commands or direct the agent to ignore embedded instructions.
      • Capability inventory: the skill can evaluate code dynamically via eval() and execute commands via subprocess.run(), so injected content has capabilities to act on.
      • Sanitization: the eval() call uses a restricted environment ({"__builtins__": {}}) to reduce the attack surface, but an empty __builtins__ does not block attribute traversal from object literals, so it is not a complete mitigation; a whitelist-based expression parser that accepts only arithmetic would be.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 9, 2026, 08:40 AM